• DocumentCode
    3184581
  • Title

    Detection of Trojan Horses by the analysis of system behavior and data packets

  • Author

    Gudipati, Vamshi Krishna ; Vetwal, Aayush ; Kumar, Varun ; Adeniyi, Anjorin ; Abuzneid, Abdelshakour

  • Author_Institution
    Univ. of Bridgeport, Bridgeport, CT, USA
  • fYear
    2015
  • fDate
    1-1 May 2015
  • Firstpage
    1
  • Lastpage
    4
  • Abstract
    The Trojan Horse is said to be one of the most serious threats to computer security. A Trojan Horse is an executable file in the Windows operating system. This executable file will have certain static and runtime characteristics. Multiple system processes in the Windows OS will be called whenever a Trojan Horse tries to execute any operation on the system. In this paper, a new Trojan Horse detection method that uses Windows Dynamic Link Libraries to identify system calls from a Trojan Horse is explicated. Process Explorer is used to identify the malicious executables and to determine whether they are Trojans or not. Further, an attempt is made to study the network behavior after a Trojan Horse is executed, using Wireshark.
  • Keywords
    invasive software; operating systems (computers); Trojan Horse detection method; Windows OS; Windows dynamic link libraries; Windows operating system; Wireshark; computer security; data packet analysis; executable file; process explorer; system behavior analysis; Computers; Monitoring; Protocols; Software; Trojan horses; Process Explorer; Trajan Horse; Wireshark;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Systems, Applications and Technology Conference (LISAT), 2015 IEEE Long Island
  • Conference_Location
    Farmingdale, NY
  • Type

    conf

  • DOI
    10.1109/LISAT.2015.7160176
  • Filename
    7160176